Bugtraq archives for 4th quarter (Oct-Dec) 1994: Re: login -h

Re: login -h

der Mouse (mouseCollatz.McRCIM.McGill.EDU)
Thu, 8 Dec 1994 12:22:42 -0500

> I don't think anyone should rely on wtmp for any kind of security.
> What of rsh?

If you're going to be paranoid about security, you should blow away
anything that lets people in unauthenticated, like rsh.

Quite aside from that,

> It's easy enough to do a rsh <host> xterm -ut -display <foo> and avoid
> wtmp detection.

Or more simply, rsh <host> csh -fi, which I have used when for some
reason rlogin didn't work (eg, out of ptys) and I needed a shell on the
machine to fix things.

> The -ut flag tells xterm to not make an entry in utmp and it never
> considers making a wtmp entry.  I suppose because it never has
> permissions to.

xterm is capable of writing a wtmp entry on almost any system on which
it can write utmp entries.  (The exceptions are those where (a) xterm
is not setuid-root, (b) utmp is world writable, and (c) wtmp isn't
world writable.)

> The rsh server would have to make the wtmp entry.  Which is odd it
> doesn't because it does if invoke a shell with it.  Hmmmm...

Given the current wtmp design, it shouldn't write a wtmp entry because
there's nothing to put in the ut_line field.  One could invent
something, I suppose....

					der Mouse

			    mousecollatz.mcrcim.mcgill.edu
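
Added example, not part of the original post: since the thread's point is that utmp/wtmp miss sessions that have no terminal line or that skip the utmp write, a defender can cross-check the process table against utmp instead of trusting login accounting alone. The `who` and `ps -eo pid,user,tty,args` output below is constructed, and the shell list, the modern `pts/N` naming and the `-i` heuristic are assumptions of this sketch.

```python
SHELLS = {"sh", "csh", "tcsh", "ksh", "bash", "zsh"}  # assumed shell names

# Constructed sample: `who` output (user, ut_line, login time)
WHO = """\
alice    pts/0        1994-12-08 09:01
bob      pts/1        1994-12-08 11:40
"""

# Constructed sample: `ps -eo pid,user,tty,args` output, header removed
PS = """\
  812 alice   pts/0   -csh
  990 bob     pts/1   -sh
 1203 carol   pts/2   csh
 1207 carol   pts/2   vi notes
 1310 dave    ?       csh -fi
 1400 root    ?       /usr/sbin/cron
 1422 erin    ?       sh -c make
"""

def utmp_lines(who_text):
    """Terminal lines (ut_line) that currently have a utmp entry."""
    return {row.split()[1] for row in who_text.splitlines() if row.strip()}

def parse_ps(ps_text):
    for row in ps_text.splitlines():
        if row.strip():
            pid, user, tty, args = row.split(None, 3)
            yield int(pid), user, tty, args.split()

def is_interactive_shell(argv):
    """True for a shell whose leading option flags include -i."""
    name = argv[0].lstrip("-").rsplit("/", 1)[-1]
    if name not in SHELLS:
        return False
    for arg in argv[1:]:
        if not arg.startswith("-") or arg.startswith("--"):
            break  # options ended; the rest is the command or script
        if "i" in arg[1:]:
            return True
    return False

def unaccounted(ps_text, who_text):
    """Processes that login accounting does not explain."""
    known, findings = utmp_lines(who_text), []
    for pid, user, tty, argv in parse_ps(ps_text):
        if tty == "?":
            if is_interactive_shell(argv):  # no ut_line to record at all
                findings.append((pid, user, "interactive shell with no terminal"))
        elif tty not in known:              # terminal in use, utmp write skipped
            findings.append((pid, user, f"terminal {tty} has no utmp entry"))
    return findings
```

The check is a heuristic over a point-in-time snapshot; it complements process accounting and network logging rather than replacing them.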